Tags

WebSphere MQ V7.1 introduced a channel security feature, Channel Authentication Records, or CHLAUTH for short. This feature allows you to set up rules to detail how your inbound connections should be treated. Should they be allowed or blocked. Today we shall look at the best way to use CHLAUTH rules in MQ. Allow or Block? When thinking about the control of inbound connections into your queue manager, there are two perspectives. Either you can try to list all the connections that are not allowed, or you can start by saying all connections are... [More]

WebSphere MQ V7.1 introduced a channel security feature called Channel Authentication Records, or CHLAUTH for short. The feature allows you to set rules to indicate what should happen to inbound connections to your queue manager, i.e. channels and clients. Should they be allowed to connect or should they be blocked from connecting. If you migrate up from an earlier release to V7.1, i.e. you created your queue manager at an earlier release, then CHLAUTH will be disabled by default. However, if you create your queue manager with the V7.1... [More]

As an administrator of a WebSphere MQ Queue Manager, you have the job of ensuring that the system runs smoothly and that a badly behaving application cannot have an impact on other users of the queue manager. One of the ways you ensure this happens is to restrict the number of channels that can run, thus avoiding problems when too many channels use up resources on the system, such as memory. Traditionally this was done by setting a value for the overall queue manager that set a maximum on the number of channels that could be run in the... [More]

In the typical WebSphere MQ installation, both the MQ Server and the MQ Client features are installed. However, the MQ Client can be installed on a system where the MQ Server component is not installed, and no queue manager runs. In this configuration the MQ Client can do message queuing to one, or many queue managers that reside on different machines. If you have never used the WebSphere MQ Client feature and want to give it a try, here is a quick and easy way to configure an MQ Client to connect to a queue manager on an MQ Server. In this... [More]

In the context of configuring encrypted connections between WebSphere / IBM MQ and WebSphere Application Server, I'm currently building a scripted process to set up the infrastructure end-to-end, which I'm testing on a VM. For the record, I'm using IBM MQ 8.0.0.2 and WebSphere Application Server (WAS) 8.5.5.2. Whilst I've not yet completed my build, I did hit an issue yesterday that caught me out for a wee while. Specifically, I've configured a Channel within MQ that is encrypted using Transport Layer Security... [More]

Have a few minutes? Come check out the IBM SupportTV channel on YouTube , where you can find short, bite-sized videos that are focused on teaching you a specific task for a bunch of your favorite IBM Cloud, Hybrid Cloud, and on-prem products. New videos are being published every week, so make sure you subscribe to the channel and share it with your friends and colleagues! IBM SupportTV covers the following IBM Cloud products and tags . You will find videos organized by product area playlists , that make it easy to... [More]

My favorite part of channel status is a field showing the sub status for a channel - SUBSTATE. It is just one little field and yet it can convey so much information about what the channel is doing. It was originally introduced in WebSphere MQ V6 to address the ever present question, "My channel is stuck in BINDING state - what is it doing?", however it is useful for other problems too. Well behaved channels When a queue manager to queue manager channel is running, but not currently moving any messages, the SUBSTATE... [More]

WebSphere MQ V7.1 introduced a channel security feature called Channel Authentication Records, or CHLAUTH for short. The feature allows you to set rules to indicate what should happen to inbound connections to your queue manager. By default there are three rules in place and one of them is there to block all remote privileged users - that is those in the mqm group for example. To understand whether you are being blocked by this particular rule see " I'm being blocked by CHLAUTH - how can I work out why? " AMQ8878:... [More]

WebSphere MQ V7.1 introduced a feature which allows you to block IP addresses from connecting to your queue manager - this feature is Channel Authentication Records, or CHLAUTH for short. In fact there are two ways that CHLAUTH allows you to block IP addresses. Today we will describe when to use each type. Two ways to block First let us show you two examples of how to block IP addresses using CHLAUTH. Example 1: SET CHLAUTH('*') TYPE(ADDRESSMAP) ADDRESS('1.2.3.4') USERSRC(NOACCESS) Example 2: SET CHLAUTH('*') TYPE(BLOCKADDR) ADDRLIST('1.2.3.4')... [More]

Queue manager error logs can be difficult to read, and it doesn't help when you see the log flooded with informational messages like: AMQ9001 Channel <insert_3> ended normally. AMQ9002 Channel <insert_3> is starting. AMQ9202 Remote host <insert_3> not available, retry later. Did you know that you can suppress WebSphere MQ messages? Here is one example of how to suppress messages: This is an excerpt from a qm.ini file, that contains a QMErrorLog stanza with the SuppressMessage option specified. The SuppressMessage option as... [More]

Clustering is a WebSphere MQ feature that is often confusing for many users. I’d like to provide some guidelines you can follow to ensure the optimum health for your cluster. Here’s a list of Ten Tips for MQ Clustering: Don’t issue refresh command unless absolutely necessary. The REFRESH CLUSTER command can cause temporary disruption to traffic as it clears out the local cache. It is not a command that should be issued on a routine basis. Have 2 Full Repositories (no more, no less). When updates are made within a cluster, two messages are sent... [More]

For some types of cluster issues, the output from the DISPLAY CLUSQMGR command goes a long way towards understanding what's wrong and how to fix it. Let's take a look at the following output to focus on some important fields. CSQM293I indicates, for a partial repository, the number of queue managers it has an interest in. A full repository would return every queue manager in the cluster TEST. Since DEFTYPE is CLUSSDRB and QMTYPE is REPOS this means RTP9 has a manually defined channel to the full repository, RTP8, which has been... [More]

Usually when you are faced with a choice it is an either-or kind of choice. You can choose either one or the other. For example, in WebSphere MQ (WMQ), if you have a channel that is trying to deliver a message and it is unable to deliver the message, you have a choice of how that is handled. In the most simplistic view you can choose whether your channel lives OR whether your channel dies. You do this by deciding whether to define a Dead Letter Queue (DLQ) in your queue manager. Since the earliest days of WebSphere MQ, it has been "best... [More]

As you probably already know, all too well, the size of data being used by applications seems to grow every day. As the size of the data grows, the time it takes to transfer this data grows too. This means that the users waiting on this data have to wait longer for the data to arrive. As you probably also know, the patience of these users is not growing at the same rate as the size of the data. If you want to keep your users happy, you have to make the data transfer faster. One way to do this is to compress the data before it is... [More]

You're changing the queue managers default listener port. Be very careful, because this could cause channel problems, or other unexpected results, which are difficult to debug. Each queue manager is created with the default listener port set to 1414. This default port is used whenever you choose to omit the port number specification on your channel definitions and other commands. If you are going to use a default listener port other than 1414, then you might want to consider using the same default listener port for all of your queue... [More]